Академический Документы
Профессиональный Документы
Культура Документы
Greater Flexibility
Domain Rename
This supports changing the Domain Name System (DNS) and/or NetBIOS names of
existing domains in a forest, keeping the resulting forest still "well formed."
Administrators have greater flexibility in changing the Active Directory structure after
it is deployed. Design decisions are now reversible, which benefits organizations that
may be in involved in a merger or significant restructuring.
Schema Redefine
The flexibility of Active Directory has been enhanced to allow the deactivation of
attributes and class definitions in the Active Directory schema. Attributes and classes
can be redefined if an error was made in the original definition.
In conjunction with Windows Server 2003, Microsoft is releasing a new Group Policy
management solution that unifies management of Group Policy. The Microsoft Group
Policy Management Console (GPMC) provides a single solution for managing all Group
Policy–related tasks. GPMC lets administrators manage Group Policy for multiple
domains and sites within a given forest, all in a simplified user interface (UI) with
drag-and-drop support. Highlights include new functionality such as backup, restore,
import, copy, and reporting of Group Policy objects (GPOs). These operations are fully
scriptable, which lets administrators customize and automate management. Together
these advantages make Group Policy much easier to use and help you manage your
enterprise more cost-effectively.
Enhanced UI
Cross-Forest Authentication
Cross-Forest Authorization
Cross-forest authorization makes it easy for administrators to select users and groups
from trusted forests for inclusion in local groups or ACLs. This feature maintains the
integrity of the forest security boundary while allowing trust between forests. It
enables the trusting forest to enforce constraints on what security identifiers (SIDs) it
will accept when users from trusted forests attempt to access protected resources.
Cross-Certification Enhancements
If Active Directory forests are in cross-forest mode with two-way trusts, then Internet
Authentication Service/Remote Authentication Dial-In User Service (IAS/RADIUS) can
authenticate the user account in the other forest with this feature. This gives
administrators the capability to easily integrate new forests with already existing
IAS/RADIUS services in their forest.
Credential Manager
Branch offices with domain controllers can provide user logon through cached
credentials without first contacting the global catalog, improving system performance
and robustness over unreliable wide area networks (WANs). The loss of connectivity
between a branch office and a global catalog no longer impacts the ability of branch
users to log on. Branch offices can be supported more effectively and bandwidth
consumption over WAN links is reduced.
Group Membership Replication Enhancements
Some directory information does not need to be made globally available. This feature
provides the capability to host data in Active Directory without significantly impacting
network performance by providing control over the scope of replication and
placement of replicas.
Some directory information does not need to be made globally available. This feature
provides the capability to host data in Active Directory without significantly impacting
network performance by providing control over the scope of replication and
placement of replicas.
Instead of replicating a complete copy of the Active Directory database over the
network, this feature allows an administrator to source initial replication from files
created when backing up an existing domain controller or global catalog server.
Dependability Improvements
Active Directory includes several new features that increase dependability such as
Health Monitoring, which allows administrators to verify replications between domain
controllers, improved global catalog replication, and an updated Inter-Site Topology
Generator (ISTG) that scales better by supporting forests with a greater number of
sites than Windows 2000.